
Side by Side Diff: chrome/test/data/webui/parse_html_subset_test.html

Issue 1907653002: WebUI: allow target="_blank" by default in parseHtmlSubset(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
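--- a/chrome/test/data/webui/parse_html_subset_test.html
+++ b/chrome/test/data/webui/parse_html_subset_test.html
@@ -1,118 +1,118 @@
 <!DOCTYPE html>
 <html>
 <head>
 <title>parseHtmlSubset test</title>
 </head>
 <body>
 <script>
 
 function parseAndAssertThrows() {
 var args = arguments;
 assertThrows(function() {
 parseHtmlSubset.apply(null, args);
 });
 }
 
-function parseAndAssertNotThrows() {
-var args = arguments;
-parseHtmlSubset.apply(null, args);
-}
-
 function testText() {
-parseAndAssertNotThrows('');
-parseAndAssertNotThrows('abc');
-parseAndAssertNotThrows('&nbsp;');
+parseHtmlSubset('');
+parseHtmlSubset('abc');
+parseHtmlSubset('&nbsp;');
 }
 
 function testSupportedTags() {
-parseAndAssertNotThrows('<b>bold</b>');
-parseAndAssertNotThrows('Some <b>bold</b> text');
-parseAndAssertNotThrows('Some <strong>strong</strong> text');
-parseAndAssertNotThrows('<B>bold</B>');
-parseAndAssertNotThrows('Some <B>bold</B> text');
-parseAndAssertNotThrows('Some <STRONG>strong</STRONG> text');
+parseHtmlSubset('<b>bold</b>');
+parseHtmlSubset('Some <b>bold</b> text');
+parseHtmlSubset('Some <strong>strong</strong> text');
+parseHtmlSubset('<B>bold</B>');
+parseHtmlSubset('Some <B>bold</B> text');
+parseHtmlSubset('Some <STRONG>strong</STRONG> text');
 }
 
 function testInvalidTags() {
 parseAndAssertThrows('<unknown_tag>x</unknown_tag>');
 parseAndAssertThrows('<img>');
 parseAndAssertThrows('<script>alert(1)<' + '/script>');
 }
 
 function testInvalidAttributes() {
 parseAndAssertThrows('<b onclick="alert(1)">x</b>');
 parseAndAssertThrows('<b style="color:red">x</b>');
 parseAndAssertThrows('<b foo>x</b>');
 parseAndAssertThrows('<b foo=bar></b>');
 }
 
 function testValidAnchors() {
-parseAndAssertNotThrows('<a href="https://google.com">Google</a>');
-parseAndAssertNotThrows('<a href="chrome://settings">Google</a>');
+parseHtmlSubset('<a href="https://google.com">Google</a>');
+parseHtmlSubset('<a href="chrome://settings">Google</a>');
 }
 
 function testInvalidAnchorHrefs() {
 parseAndAssertThrows('<a href="http://google.com">Google</a>');
 parseAndAssertThrows('<a href="ftp://google.com">Google</a>');
 parseAndAssertThrows('<a href="http/google.com">Google</a>');
 parseAndAssertThrows('<a href="javascript:alert(1)">Google</a>');
 parseAndAssertThrows('<a href="chrome-extension://whurblegarble">Google</a>');
 }
 
 function testInvalidAnchorAttributes() {
 parseAndAssertThrows('<a name=foo>Google</a>');
 parseAndAssertThrows(
 '<a onclick="alert(1)" href="https://google.com">Google</a>');
 parseAndAssertThrows('<a foo="bar(1)" href="https://google.com">Google</a>');
 }
 
 function testAnchorTarget() {
-parseAndAssertNotThrows(
+var df = parseHtmlSubset(
 '<a href="https://google.com" target="_blank">Google</a>');
-parseAndAssertNotThrows(
-'<a href="https://google.com" target="foo">Google</a>');
+assertEquals('_blank', df.firstChild.target);
+}
+
+function testInvalidTarget() {
+parseAndAssertThrows('<form target="_evil">', ['form']);
+parseAndAssertThrows('<iframe target="_evil">', ['iframe']);
+parseAndAssertThrows('<a href="https://google.com" target="foo">Google</a>');
 }
 
 function testCustomTags() {
-parseAndAssertNotThrows('yo <I>ho</i><bR>yo <EM>ho</em>', ['i', 'EM', 'Br']);
+parseHtmlSubset('yo <I>ho</i><bR>yo <EM>ho</em>', ['i', 'EM', 'Br']);
 }
 
 function testInvalidCustomTags() {
 parseAndAssertThrows("a pirate's<script>lifeForMe();<" + '/script>', ['br']);
 }
 
 function testCustomAttributes() {
 function returnsTruthy(node, value) {
 assertEquals('A', node.tagName);
 assertEquals('fancy', value);
 return true;
 }
-parseAndAssertNotThrows('<a class="fancy">I\'m fancy!</a>', null,
+parseHtmlSubset('<a class="fancy">I\'m fancy!</a>', null,
 {class: returnsTruthy});
 }
 
 function testInvalidCustomAttributes() {
 function returnsFalsey() {
 return false;
 }
 parseAndAssertThrows('<a class="fancy">I\'m fancy!</a>', null,
 {class: returnsFalsey});
 parseAndAssertThrows('<a class="fancy">I\'m fancy!</a>');
 }
 
 function testOnErrorAsync(testDoneCalback) {
 window.called = false;
 
 parseAndAssertThrows('<img onerror="window.called = true" src="_.png">');
 parseAndAssertThrows('<img src="_.png" onerror="window.called = true">');
 
 window.setTimeout(function() {
 assertFalse(window.called);
 testDoneCalback();
 });
 }
 
 </script>
 
 </body>
 </html>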
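Review bot: testInvalidTarget does not show that `target` is accepted only on anchors, because its form and iframe cases use `_evil`, a value that would be rejected on any tag; `parseAndAssertThrows('<form target="_blank">', ['form']);` and the same line for `iframe` would pin the tag restriction. The only anchor value it rejects is `foo`, so the reserved names `_top`, `_parent` and `_self` are untested; if the allowlist is meant to be exactly `_blank`, add one `parseAndAssertThrows` line per name. testAnchorTarget now asserts that `target="_blank"` survives parsing, so it would help to add a comment there saying whether callers must also set `rel="noopener"`, since without it the opened page can keep a `window.opener` reference to the WebUI page. parse_html_subset.js is not shown in this section, so the parser may already handle this.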